Splunk

This can be used to group together multiple log lines that belong to the same thread. Pipe the events to “transaction” with “startswith”/“endswith” conditions as described below, and Splunk will group the matching lines into a single shared “transaction” event. The “table” command then lays out the chosen fields of each transaction as a table.
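Added example (not from the original note) of the search described above; it assumes an index named “app_logs”, a “thread_id” field already extracted from the log lines, and the literal start and end markers “Request started” and “Request finished”. The explicit 15-minute time window and “maxspan” bound the work the transaction command does.

```spl
index=app_logs earliest=-15m
| transaction thread_id startswith="Request started" endswith="Request finished" maxspan=5m
| table _time, thread_id, duration, eventcount, _raw
```

“duration” and “eventcount” are fields the transaction command adds to each grouped event, so a thread whose span or line count is unexpectedly large stands out directly in the table.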

NOTE: This is slow and very taxing for Splunk, so run it against a short time frame only, and don’t schedule any reports that use the “transaction” command.